[Samba] Few questions about members
Steve Campbell
campbell at cnpapers.com
Thu Jun 5 13:58:10 MDT 2014
On 6/5/2014 3:27 PM, steve wrote:
> On Thu, 2014-06-05 at 15:18 -0400, Steve Campbell wrote:
>> On 6/5/2014 3:05 PM, steve wrote:
>>> On Thu, 2014-06-05 at 14:45 -0400, Steve Campbell wrote:
>>> .
>>>> Unfortunately, we still have no access to the shares on the member
>>>> server, either from a network neighborhood or the administrative tools
>>>> on a Windows machine. We get "permission denied" from any method we try
>>>> to use or update the share.
>>>>
>>>> For now, I've got 777 permissions on the folder.
>>>>
>>>> I'm just so hopelessly lost on this.
>>>>
>>>> steve
>>> network neighbourhood doesn't work against a dc.
>> Trying to use/mount/do anything with a share on a member server.
>>> What stage are we at:
>>> klist -k
>> ]# klist -k
>> Keytab name: FILE:/etc/krb5.keytab
>> klist: No such file or directory while starting keytab scan
>>
>> This occurs on both AD and member. Not sure which I should run it on.
>>
>>
>>> net ads testjoin -UAdministrator
>> On the member:
>> # net ads testjoin -UAdministrator
>> Join is OK
>>
>>> please post the latest smb.conf
>> [global]
>>
>> netbios name = STORAGE
>> workgroup = TS
>> security = ADS
>> realm = TS.MYSTUFF.COM
>> encrypt passwords = yes
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 70001-80000
>> idmap config TS:backend = ad
>> idmap config TS:schema_mode = rfc2307
>> idmap config TS:range = 500-40000
>>
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> log file = /var/log/samba/samba.log
>>
>> vfs objects = acl_xattr
>> map acl inherit = Yes
>> store dos attributes = Yes
>>
>> [demoshare]
>> path = /opt/testshare
>> read only = no
>> browseable = yes
>> available = yes
>>
>>> Cheers
>> Thanks
>> steve
> We are talking about the member.
> Add the line:
> kerberos method = system keytab
> to [global]
> and run:
> net ads keytab create -UAdministrator
Did this with no return messages
>
> now:
> commands
> hostname -f
# hostname -f
storage.ts.mystuff.com
> hostname -s
> hostname
# hostname -s
storage
> klist -k
# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 host/storage.ts.mystuff.com@TS.MYSTUFF.COM
1 host/storage.ts.mystuff.com@TS.MYSTUFF.COM
1 host/storage.ts.mystuff.com@TS.MYSTUFF.COM
1 host/storage.ts.mystuff.com@TS.MYSTUFF.COM
1 host/storage.ts.mystuff.com@TS.MYSTUFF.COM
1 host/storage@TS.MYSTUFF.COM
1 host/storage@TS.MYSTUFF.COM
1 host/storage@TS.MYSTUFF.COM
1 host/storage@TS.MYSTUFF.COM
1 host/storage@TS.MYSTUFF.COM
1 STORAGE$@TS.MYSTUFF.COM
1 STORAGE$@TS.MYSTUFF.COM
1 STORAGE$@TS.MYSTUFF.COM
1 STORAGE$@TS.MYSTUFF.COM
1 STORAGE$@TS.MYSTUFF.COM
>
> list the contents of:
> /etc/hosts
# cat /etc/hosts
127.0.0.1 storage.ts.mystuff.com storage localhost
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
> /etc/hostname
No such file
> /etc/resolv.conf
# cat /etc/resolv.conf
nameserver 192.9.200.83
search ts.mystuff.com
> /etc/krb5.conf
# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = TS.MYSTUFF.COM
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
> Steve
>
>
Big difference in that klist -k
steve
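
Added example, not part of the original message: a shell check that automates the by-eye comparison of `klist -k` output done above, reporting which expected principals are absent from the member's system keytab. The function names are hypothetical, the sample listing is constructed from the output in the thread, and the set of "expected" principals is an assumption taken from the three forms that listing shows.

```shell
#!/bin/sh
# Assumption: after `net ads keytab create`, the keytab should carry the three
# principal forms seen in the thread: host/FQDN, host/SHORT and SHORT$ (upper-cased).

# expected_principals FQDN SHORT REALM -> one principal per line
expected_principals() {
    fqdn=$1; short=$2; realm=$3
    machine=$(printf '%s' "$short" | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "host/$fqdn@$realm" "host/$short@$realm" "$machine\$@$realm"
}

# missing_principals FQDN SHORT REALM < output of `klist -k`
# Prints each expected principal that is not listed; status 0 if none missing.
missing_principals() {
    # Keep entry lines only ("<kvno> <principal>"); headers have no numeric KVNO.
    listed=$(awk '$1 ~ /^[0-9]+$/ && NF >= 2 { print $2 }' | sort -u)
    rc=0
    for p in $(expected_principals "$1" "$2" "$3"); do
        # -F: fixed string ("$" and "." are literal), -x: whole-line match
        printf '%s\n' "$listed" | grep -Fqx -- "$p" || { printf '%s\n' "$p"; rc=1; }
    done
    return $rc
}

# Constructed sample: the listing from the thread with duplicate rows removed.
sample_listing() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 host/storage.ts.mystuff.com@TS.MYSTUFF.COM
   1 host/storage@TS.MYSTUFF.COM
   1 STORAGE$@TS.MYSTUFF.COM
EOF
}

# On a real member server:
#   klist -k | missing_principals "$(hostname -f)" "$(hostname -s)" TS.MYSTUFF.COM
sample_listing | missing_principals storage.ts.mystuff.com storage TS.MYSTUFF.COM \
    && echo "keytab lists all expected principals"
```

With the earlier "No such file or directory" result, `klist -k` prints only the `Keytab name:` line on stdout, so the function reports all three principals as missing.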